Skip to main content

GDPR fines dished out more regularly in 2020

data protection
(Image credit: Image source: Shutterstock/Wright Studio)

Data privacy regulators across the European Union have imposed more than $330 million in fines since GDPR came into force, with Italian and German companies bearing the brunt.

This is according to the annual General Data Protection Regulation (GDPR) fines and data breach report, released annually by law firm DLA Piper.

According to the report, companies in Italy have been fined $84.5 million since May 2018, German firms have had to shell out $83.6 million, while the French have paid $65.8 million.

In total, there have been than 281,000 data breach notifications in the past two and a half years, with Germany (77,747) having the most, followed by The Netherlands (66,527) and the UK (30,536).

In France and Italy there were just 5,389 and 3,460 breaches reported, respectively. DLA Piper argues this shows the cultural differences in approach to breach notification.

Ever since GDPR came into force on May 25, 2018, the number of reported incidents has grown steadily, with the aggregate daily rate of breach notifications climbing consistently.

Since January 28, 2020, there has been 331 notifications per day on average, which represents a 19 percent increase compared to the same period the previous year.

The highest GDPR fine so far is the $61 million penalty issued to Google by the French data watchdog, for failing to stick to the transparency principle and the lack of valid consent.